package com.liveneo.system.base.security;

import javax.annotation.PostConstruct;
import javax.annotation.Resource;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.stereotype.Component;
import com.liveneo.adapter.base.entity.PrpmUser;
import com.liveneo.system.base.utils.EncryptUtil;
import com.liveneo.system.base.utils.UserUtil;
import com.liveneo.system.service.UserService;

/**
 * 
 * 用户登录  经过shiro校验授权
 * @author hjt 2016-05-13
 *
 */
@Component
public class UserPassAuthRealm extends AuthorizingRealm {
    @Resource
    private UserService userService;

    /***
     * 获取授权信息
     * @param principalCollection
     * @return
     */
    @SuppressWarnings("unused")
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Principal principal = (Principal) getAvailablePrincipal(principalCollection);
        PrpmUser prpmUser = userService.findByUsername(principal.getLoginName());
        if (prpmUser != null) {
            // 添加当前用户相关的权限信息 包括角色、权限等信息
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        }
        return null;
    }

    /**
     * 进行登陆的认证
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken authTocken = (UsernamePasswordToken) authenticationToken;
        PrpmUser prpmUser = userService.findByUsername(authTocken.getUsername());
        if (prpmUser == null) {
            throw new UnknownAccountException();// 没找到帐号
        }
        if (Boolean.FALSE.equals(prpmUser.getValidStatus())) {
            throw new LockedAccountException(); // 帐号锁定
        }
        byte[] salt = EncryptUtil.decodeHex(prpmUser.getPassword().substring(0, 16));
        // 交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配,自定义的校验规则initCredentialsMatcher
        return new SimpleAuthenticationInfo(new Principal(prpmUser), prpmUser.getPassword().substring(16), ByteSource.Util.bytes(salt), getName());
    }

    /**
     * 设定密码校验的算法与迭代次数
     * 
     */
    @PostConstruct
    public void initCredentialsMatcher() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(EncryptUtil.SHA1);
        matcher.setHashIterations(UserUtil.HASH_ITERATIONS);
        setCredentialsMatcher(matcher);
    }
}
